OTP
This table lists the policy parameters specific to OTP credentials.
In addition to the policy parameters defined in this table, the policy parameter defined in the table in the chapter All credential types is also valid for OTP credentials.
Name | Data Type, Values | Default | Description |
---|---|---|---|
closeToExpirationThreshold | Data type: int (days) | 10 | Defines the number of days preceding the real expiry date at which the batch job UpdateCredentialStateJob, if configured, will trigger renewal or other communication events. Example: If set to 2, then all OTPs that expire the day after tomorrow (between 00:00 and 23:59) will be affected. |
coordinateCardFormat | Data type: boolean | false | Defines the format in which the challenges in the OTP card are stored. When true, the coordinate format is used, i.e., the challenges are numbered from A1 to N12. When false, the challenges are sequentially numbered from 001 to 168. |
credentialLifetime | Data type: int (>0) | 10 years in milliseconds | The time to live (in milliseconds) of the OTP credential. After the defined period of time, the user will not be able to log in with this OTP credential anymore. |
fallbackAllowed | Data type: boolean | true | |
fallbackTransitionPeriod | Data type: int (>0) | 14 | Defines the period in days during which a user may still use his old OTP card although a new OTP card was already sent to him. |
lowOnChallengesThreshold | Data type: int | 20 | Threshold that triggers a warning as soon as the number of remaining challenges on the OTP card goes below the configured value. |
maxCredFailureCount | Data type: int (>0) or -1 | 3 | Maximum number of login failures before a password is definitely locked. If set to "-1", the max. failure counter is disabled. |
renewWhenCloseToExpiration | Data type: boolean | false | Defines whether the batch job UpdateCredentialStateJob should trigger an OTP card renewal when closeToExpirationThreshold is reached. |
renewWhenLowOnChallenges | Data type: boolean | true | If set to true, it triggers an OTP card renewal event when the number of remaining challenges falls below the lowOnChallengesThreshold. Renewal means generating an additional OTP card while the original card remains untouched. |
reuseChallenges | Data type: boolean | true | Enable/disable the reuse of challenges. |
sendingMethod | Data type: comma-separated list of enums. Values: any subset of PDFstore, Print, PDFemail, None | PDFstore | Defines a fallback list of different methods of how a credential should be communicated to the user (if the first method fails for some reason, the second is tried, and so on). All methods (except None) will fail if the corresponding template is missing or one or more of the mandatory placeholders are empty. If sendingMethod is not defined at all, nevisIDM takes the default value. The default value has no fallbacks. If "PDFstore" is configured, the following additional parameters can be defined: |
sendWarningWhenCloseToExpiration | Data type: boolean | false | Defines whether the batch job UpdateCredentialStateJob should trigger an OTPExpirationWarning communication event when closeToExpirationThreshold is reached. |
sendWarningWhenLowOnChallenges | Data type: boolean | false | If set to true, it triggers an OTPLowOnChallengesWarning as soon as the number of remaining challenges falls below the lowOnChallengesThreshold. |
supportLegacyCardTransition | Data type: boolean | false | Enables the fallback mechanism to legacy OTP cards (migrated cards, whose dimensions are different from nevisIDM OTP cards). If this parameter is set to true, nevisIDM will generate a pair of challenges during the transition phase from the old migrated OTP card to the new OTP card. Example pair of challenges: 168#J10. The user can log in with the old card (giving the value of position J10 in the old card as response) or with the new card (giving the value of position 168 in the new card as response). |
templatePrecedence | Data type: int | null | The precedence number of the template we want to use during the communication with the user. If the parameter is not set, the default template will be used. If no template exists with the given precedence number, an error will occur. |
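
The following is an added example, not part of the nevisIDM documentation or product: a check that validates an OTP policy against the data types in this table and flags two settings that deserve a second look, a failure counter disabled with -1 and a credentialLifetime that looks like days rather than milliseconds. The key=value input format and all function names are assumptions.

```python
# Added example, not nevisIDM code. The key=value input format and all
# function names are assumptions; types and defaults come from the table.
MS_PER_DAY = 86_400_000
METHODS = {"PDFstore", "Print", "PDFemail", "None"}
BOOLS = ("coordinateCardFormat fallbackAllowed renewWhenCloseToExpiration "
         "renewWhenLowOnChallenges reuseChallenges supportLegacyCardTransition "
         "sendWarningWhenCloseToExpiration sendWarningWhenLowOnChallenges").split()
INTS = "closeToExpirationThreshold lowOnChallengesThreshold templatePrecedence".split()
POSITIVE = "credentialLifetime fallbackTransitionPeriod".split()
KNOWN = set(BOOLS + INTS + POSITIVE + ["sendingMethod", "maxCredFailureCount"])

def parse_value(key, raw):
    """Convert raw text to the data type the table gives for key."""
    if key in BOOLS:
        if raw not in ("true", "false"):
            raise ValueError("expected true or false")
        return raw == "true"
    if key == "sendingMethod":
        items = [m.strip() for m in raw.split(",")]
        unknown = [m for m in items if m not in METHODS]
        if unknown:
            raise ValueError(f"unknown method(s) {unknown}")
        return items
    number = int(raw)  # raises ValueError for non-integer text
    if key in POSITIVE and number <= 0:
        raise ValueError("expected int > 0")
    if key == "maxCredFailureCount" and number != -1 and number <= 0:
        raise ValueError("expected int > 0 or -1")
    return number

def check_otp_policy(text):
    """Return a list of findings for a key=value OTP policy (empty if clean)."""
    findings, values = [], {}
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, raw = (part.strip() for part in line.partition("="))
        if key not in KNOWN:
            findings.append(f"{key}: not an OTP policy parameter")
            continue
        try:
            values[key] = parse_value(key, raw)
        except ValueError as err:
            findings.append(f"{key}: {err}")
    if values.get("maxCredFailureCount") == -1:
        findings.append("maxCredFailureCount: -1 disables the failure counter")
    lifetime = values.get("credentialLifetime")
    threshold_days = values.get("closeToExpirationThreshold", 10)  # table default
    if lifetime is not None and lifetime <= threshold_days * MS_PER_DAY:
        findings.append("credentialLifetime: not longer than "
                        "closeToExpirationThreshold; the value is in milliseconds")
    return findings
```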